GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
gopkg.in/macaron.v1 Open Redirect vulnerability
Moderate
CVE-2020-12666
was published
for
gopkg.in/macaron.v1
(Go)
May 18, 2021
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
Moderate
CVE-2021-29652
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate
CVE-2020-15233
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Open Redirect in github.com/AndrewBurian/powermux
Moderate
CVE-2021-32721
was published
for
github.com/AndrewBurian/powermux
(Go)
Jul 1, 2021
Incomplete List of Disallowed Inputs in Kubernetes
Moderate
CVE-2021-25737
was published
for
k8s.io/kubernetes
(Go)
Sep 7, 2021
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Open Redirect in oauth2_proxy
Moderate
CVE-2017-1000070
was published
for
github.com/bitly/oauth2_proxy
(Go)
Dec 20, 2021
Open redirect vulnerability in Sourcegraph
Moderate
CVE-2020-12283
was published
for
github.com/sourcegraph/sourcegraph
(Go)
Dec 20, 2021
Open redirect in Gitea
Moderate
CVE-2021-45328
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate
CVE-2020-15129
was published
for
github.com/containous/traefik
(Go)
Feb 11, 2022
Arbitrary redirects under /new endpoint
Moderate
CVE-2021-29622
was published
for
github.com/prometheus/prometheus
(Go)
Feb 15, 2022
Pivotal Concourse Open Redirect in Login Flow
Moderate
CVE-2018-15798
was published
for
github.com/concourse/concourse
(Go)
Feb 15, 2022
Open redirect in caddy
Moderate
CVE-2022-29718
was published
for
github.com/caddyserver/caddy
(Go)
Jun 3, 2022
Gophish before 0.12.0 vulnerable to Open Redirect
Moderate
CVE-2022-25295
was published
for
github.com/gophish/gophish
(Go)
Sep 12, 2022
Macaron i18n Open Redirect vulnerability
Moderate
CVE-2020-36627
was published
for
github.com/go-macaron/i18n
(Go)
Dec 25, 2022
scs-library-client may leak user credentials to third-party service via HTTP redirect
Moderate
CVE-2022-23538
was published
for
github.com/sylabs/scs-library-client
(Go)
Jan 20, 2023
Open Redirect in Caddy
Moderate
CVE-2022-28923
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 7, 2023
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Moderate
CVE-2022-2837
was published
for
github.com/coredns/coredns
(Go)
Mar 3, 2023
Authelia allows open redirects on the logout endpoint
Moderate
CVE-2021-29456
was published
for
github.com/authelia/authelia/v4
(Go)
Mar 16, 2023
Mattermost Open Redirect vulnerability
Moderate
CVE-2023-47168
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
ProTip!
Advisories are also available from the
GraphQL API